diff --git a/.gitignore b/.gitignore
index e124a7e0e..ab421ee1a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,3 +6,6 @@
.classpath
/.idea
**/*.iml
+/tfs - Shortcut.lnk
+/buildlog.log
+/.vs
diff --git a/tfs/pom.xml b/tfs/pom.xml
index 6dc87f969..22c48e144 100644
--- a/tfs/pom.xml
+++ b/tfs/pom.xml
@@ -9,7 +9,7 @@
tfs
hpi
Team Foundation Server Plug-in
- 5.157.1-SNAPSHOT
+ 5.666.1-SNAPSHOT
http://wiki.jenkins-ci.org/display/JENKINS/Team+Foundation+Server+Plugin
@@ -279,5 +279,13 @@
json
20090211
+
+
+ org.apache.commons
+ commons-digester3
+ 3.2
+ with-deps
+
+
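Review bot: The `with-deps` classifier on the new `commons-digester3` dependency selects, as far as I know, the shaded jar that embeds its own copies of the libraries Digester depends on. Those embedded copies would not appear in the plugin's resolved dependency tree, so dependency scanners may miss them and they cannot be upgraded independently when one of them receives an advisory. Unless a classpath conflict requires the shaded jar, I would drop the classifier line and let Maven resolve the transitive dependencies normally. If it is required, a comment in the pom explaining why would help.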
diff --git a/tfs/src/main/java/hudson/plugins/tfs/ChangeSetReader.java b/tfs/src/main/java/hudson/plugins/tfs/ChangeSetReader.java
index f96aa3dbb..2103abfb8 100644
--- a/tfs/src/main/java/hudson/plugins/tfs/ChangeSetReader.java
+++ b/tfs/src/main/java/hudson/plugins/tfs/ChangeSetReader.java
@@ -8,16 +8,17 @@
import java.nio.charset.Charset;
import java.util.ArrayList;
import java.util.List;
+import javax.xml.parsers.ParserConfigurationException;
import hudson.model.Run;
import hudson.scm.RepositoryBrowser;
-import org.apache.commons.digester.Digester;
-import org.xml.sax.SAXException;
+import org.xml.sax.SAXException;
+import org.apache.commons.digester3.Digester;
import hudson.plugins.tfs.model.ChangeLogSet;
import hudson.plugins.tfs.model.ChangeSet;
import hudson.scm.ChangeLogParser;
-import hudson.util.Digester2;
+
/**
* TeamFoundation change log reader.
@@ -36,7 +37,8 @@ public ChangeLogSet parse(final Run build, final RepositoryBrowser> browser, f
/** Performs the actual parsing. */
public ChangeLogSet parse(final Run build, final RepositoryBrowser> browser, final Reader reader) throws IOException, SAXException {
List changesetList = new ArrayList();
- Digester digester = new Digester2();
+ // Digester digester = new Digester2();
+ Digester digester = createDigester(true);
digester.push(changesetList);
digester.addObjectCreate("*/changeset", ChangeSet.class);
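Review bot: The commented-out `// Digester digester = new Digester2();` should be deleted rather than left beside its replacement. Version control already records the old line, and keeping it suggests the previous construction is still an option. A short why-comment would serve the reader better, for example `// DOCTYPE declarations and external entities are disabled in createDigester.` The body of `parse` continues outside this hunk.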
@@ -56,4 +58,21 @@ public ChangeLogSet parse(final Run build, final RepositoryBrowser> browser, f
return new ChangeLogSet(build, browser, changesetList);
}
+ /** Creates a Digester. */
+ public static Digester createDigester(final boolean secure) throws SAXException {
+ Digester digester = new Digester();
+ if (secure) {
+ digester.setXIncludeAware(false);
+ try {
+ digester.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+ digester.setFeature("http://xml.org/sax/features/external-general-entities", false);
+ digester.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
+ digester.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
+ } catch (ParserConfigurationException ex) {
+ throw new SAXException("Failed to securely configure xml digester parser", ex);
+ }
+ }
+ return digester;
+ }
+
}
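Review bot: `createDigester` is `public static` and takes a `secure` flag, so `createDigester(false)` hands any caller a Digester with none of the four features set and XInclude left at its default. The only call visible in this diff passes `true`. Unless code outside the diff needs the unhardened parser, I would drop the parameter and the `if (secure)` wrapper so the hardening is unconditional, and narrow the visibility to `private static Digester createDigester() throws SAXException`. If the flag has to stay, the Javadoc "Creates a Digester." should say what `secure` disables (DOCTYPE declarations, external general and parameter entities, external DTD loading, XInclude) and that `false` is unsafe for XML the plugin does not fully control. A regression test that feeds `parse` a change log containing a DOCTYPE and expects a `SAXException` would pin this behaviour.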